Date:      Wed, 10 Feb 2021 10:46:36 +0000 (UTC)
From:      Adriaan de Groot <adridg@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r564849 - in head/devel/qca: . files
Message-ID:  <202102101046.11AAka3g007340@repo.freebsd.org>

Author: adridg
Date: Wed Feb 10 10:46:35 2021
New Revision: 564849
URL: https://svnweb.freebsd.org/changeset/ports/564849

Log:
  Update devel/qca to latest upstream release
  
  QCA is the Qt Cryptographic Architecture - straightforward cross-
  platform crypto API.  This release has:
   * Add macOS framework major version
   * qca-gcrypt: Add support for HKDF
   * Minimum Qt updated to 5.9
   * Fixed compilation with gcc 11
  
  While updating, I have added the patch for LibreSSL compatibility (and
  tried to upstream it). The patch comes via Gentoo and OpenBSD and has
  been adjusted by lbartoletti@ and tjlegg@gmail.com and myself,
  so I'm filling in something generic-ish in "Obtained from" since it
  is collaborative. The PR: entry is for this patch, not for the update
  to the recent release.
  
  PR:		248590
  Reported by:	portscout, tjlegg@gmail.com
  Obtained from:	Gentoo/OpenBSD

Modified:
  head/devel/qca/Makefile
  head/devel/qca/distinfo
  head/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp

Modified: head/devel/qca/Makefile
==============================================================================
--- head/devel/qca/Makefile	Wed Feb 10 09:57:19 2021	(r564848)
+++ head/devel/qca/Makefile	Wed Feb 10 10:46:35 2021	(r564849)
@@ -2,8 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	qca
-DISTVERSION=	2.3.1
-PORTREVISION=	1
+DISTVERSION=	2.3.2
 CATEGORIES=	devel
 MASTER_SITES=	KDE/stable/qca/${PORTVERSION}
 PKGNAMESUFFIX=	-qt5

Modified: head/devel/qca/distinfo
==============================================================================
--- head/devel/qca/distinfo	Wed Feb 10 09:57:19 2021	(r564848)
+++ head/devel/qca/distinfo	Wed Feb 10 10:46:35 2021	(r564849)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1596038214
-SHA256 (qca-2.3.1.tar.xz) = c13851109abefc4623370989fae3a745bf6b1acb3c2a13a8958539823e974e4b
-SIZE (qca-2.3.1.tar.xz) = 725984
+TIMESTAMP = 1612914386
+SHA256 (qca-2.3.2.tar.xz) = 4697600237c4bc3a979e87d2cc80624f27b06280e635f5d90ec7dd4d2a9f606d
+SIZE (qca-2.3.2.tar.xz) = 735500

Modified: head/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp
==============================================================================
--- head/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp	Wed Feb 10 09:57:19 2021	(r564848)
+++ head/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp	Wed Feb 10 10:46:35 2021	(r564849)
@@ -1,58 +1,94 @@
---- plugins/qca-ossl/qca-ossl.cpp.orig	2020-02-25 09:08:01 UTC
+Patch from OpenBSD rsadowski@ 
+
+LibreSSL 3.0.x support from Stefan Strogin <steils@gentoo.org>
+
+Index: plugins/qca-ossl/qca-ossl.cpp
+--- plugins/qca-ossl/qca-ossl.cpp.orig	2021-02-04 10:29:44 UTC
 +++ plugins/qca-ossl/qca-ossl.cpp
-@@ -43,6 +43,10 @@
+@@ -41,7 +41,13 @@
+ #include <openssl/ssl.h>
+ #include <openssl/x509v3.h>
  
- #include <openssl/kdf.h>
- 
 +#ifndef RSA_F_RSA_OSSL_PRIVATE_DECRYPT
 +#define RSA_F_RSA_OSSL_PRIVATE_DECRYPT RSA_F_RSA_EAY_PRIVATE_DECRYPT
 +#endif
 +
++#ifndef LIBRESSL_VERSION_NUMBER
+ #include <openssl/kdf.h>
++#endif
+ 
  using namespace QCA;
  
- namespace opensslQCAPlugin {
-@@ -1272,6 +1276,7 @@ class opensslHkdfContext : public HKDFContext (public)
- 						 const InitializationVector &info, unsigned int keyLength) override
- 	{
- 		SecureArray out(keyLength);
-+#ifdef EVP_PKEY_HKDF
- 		EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, nullptr);
- 		EVP_PKEY_derive_init(pctx);
- 		EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256());
-@@ -1281,6 +1286,36 @@ class opensslHkdfContext : public HKDFContext (public)
- 		size_t outlen = out.size();
- 		EVP_PKEY_derive(pctx, reinterpret_cast<unsigned char*>(out.data()), &outlen);
- 		EVP_PKEY_CTX_free(pctx);
+@@ -1239,6 +1245,7 @@ class opensslPbkdf2Context : public KDFContext (public
+ protected:
+ };
+ 
++#ifndef LIBRESSL_VERSION_NUMBER
+ class opensslHkdfContext : public HKDFContext
+ {
+     Q_OBJECT
+@@ -1271,6 +1278,7 @@ class opensslHkdfContext : public HKDFContext (public)
+         return out;
+     }
+ };
++#endif // LIBRESSL_VERSION_NUMBER
+ 
+ class opensslHMACContext : public MACContext
+ {
+@@ -4951,7 +4959,11 @@ class MyTLSContext : public TLSContext (public)
+         case TLS::TLS_v1:
+             ctx = SSL_CTX_new(TLS_client_method());
+             SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
++#ifdef TLS1_3_VERSION           
+             SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION);
 +#else
-+		unsigned char prk[EVP_MAX_MD_SIZE];
-+		unsigned char *ret;
-+		unsigned int prk_len;
-+		HMAC(EVP_sha256(), salt.data(), salt.size(), reinterpret_cast<const unsigned char*>(secret.data()), secret.size(), prk, &prk_len);
-+		HMAC_CTX hmac;
-+		unsigned char prev[EVP_MAX_MD_SIZE];
-+		size_t done_len = 0;
-+		size_t dig_len = EVP_MD_size(EVP_sha256());
-+		size_t n = out.size() / dig_len;
-+		if (out.size() % dig_len) ++n;
-+		HMAC_CTX_init(&hmac);
-+		HMAC_Init_ex(&hmac, prk, prk_len, EVP_sha256(), nullptr);
-+		for (unsigned int i = 1; i <= n; ++i) {
-+			const unsigned char ctr = i;
-+			if (i > 1) {
-+				HMAC_Init_ex(&hmac, nullptr, 0, nullptr, nullptr);
-+				HMAC_Update(&hmac, prev, dig_len);
-+			}
-+			HMAC_Update(&hmac, reinterpret_cast<const unsigned char*>(info.data()), info.size());
-+			HMAC_Update(&hmac, &ctr, 1);
-+			HMAC_Final(&hmac, prev, nullptr);
-+			size_t copy_len = (done_len + dig_len > out.size()) ?
-+					out.size() - done_len : dig_len;
-+			memcpy(reinterpret_cast<unsigned char *>(out.data()) + done_len, prev, copy_len);
-+			done_len += copy_len;
-+		}
-+		HMAC_CTX_cleanup(&hmac);
-+		OPENSSL_cleanse(prk, sizeof prk);
++            SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION);
 +#endif
- 		return out;
- 	}
- };
+             break;
+         case TLS::DTLS_v1:
+         default:
+@@ -4972,7 +4984,11 @@ class MyTLSContext : public TLSContext (public)
+         QStringList cipherList;
+         for (int i = 0; i < sk_SSL_CIPHER_num(sk); ++i) {
+             const SSL_CIPHER *thisCipher = sk_SSL_CIPHER_value(sk, i);
++#ifndef LIBRESSL_VERSION_NUMBER
+             cipherList += QString::fromLatin1(SSL_CIPHER_standard_name(thisCipher));
++#else
++            cipherList += QString::fromLatin1(SSL_CIPHER_get_name(thisCipher));
++#endif
+         }
+         sk_SSL_CIPHER_free(sk);
+ 
+@@ -5345,7 +5361,11 @@ class MyTLSContext : public TLSContext (public)
+             sessInfo.version = TLS::TLS_v1;
+         }
+ 
++#ifndef LIBRESSL_VERSION_NUMBER
+         sessInfo.cipherSuite = QString::fromLatin1(SSL_CIPHER_standard_name(SSL_get_current_cipher(ssl)));
++#else
++        sessInfo.cipherSuite = QString::fromLatin1(SSL_CIPHER_get_name(SSL_get_current_cipher(ssl)));
++#endif
+ 
+         sessInfo.cipherMaxBits = SSL_get_cipher_bits(ssl, &(sessInfo.cipherBits));
+ 
+@@ -6629,7 +6649,9 @@ class opensslProvider : public Provider (public)
+ #endif
+         list += QStringLiteral("pbkdf1(sha1)");
+         list += QStringLiteral("pbkdf2(sha1)");
++#ifndef LIBRESSL_VERSION_NUMBER
+         list += QStringLiteral("hkdf(sha256)");
++#endif
+         list += QStringLiteral("pkey");
+         list += QStringLiteral("dlgroup");
+         list += QStringLiteral("rsa");
+@@ -6698,8 +6720,10 @@ class opensslProvider : public Provider (public)
+ #endif
+         else if (type == QLatin1String("pbkdf2(sha1)"))
+             return new opensslPbkdf2Context(this, type);
++#ifndef LIBRESSL_VERSION_NUMBER
+         else if (type == QLatin1String("hkdf(sha256)"))
+             return new opensslHkdfContext(this, type);
++#endif
+         else if (type == QLatin1String("hmac(md5)"))
+             return new opensslHMACContext(EVP_md5(), this, type);
+         else if (type == QLatin1String("hmac(sha1)"))
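Review bot: On LibreSSL builds the two `#else` branches in MyTLSContext (the `cipherList` loop and the `sessInfo.cipherSuite` assignment) report `SSL_CIPHER_get_name()` output, which is the OpenSSL-style suite name rather than the RFC name returned by `SSL_CIPHER_standard_name()`, so the same negotiated suite is labelled differently depending on the TLS library. Any caller that compares these strings with an allowlist, or records them for audit, will see different values; whether the constraint-setting path (outside this hunk) maps names back is not visible here and should be checked. I would at least add a comment at both sites, e.g. `// LibreSSL: OpenSSL-style cipher name, not the RFC name used on OpenSSL builds`. Separately, the earlier HMAC-based fallback is removed and `hkdf(sha256)` is simply not offered under `LIBRESSL_VERSION_NUMBER`; a line in the patch header saying so would tell LibreSSL users the feature is absent by design rather than broken.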


